Insufficient file permissions leak administrator-privileged credentials in AXIS License Verifier ACAP
CVE-2023-21409

8.4HIGH

Key Information:

Vendor

Axis Communications Ab

Status
Axis License Plate Verifier
Vendor
CVE Published:
3 August 2023

What is CVE-2023-21409?

A vulnerability exists in Axis Communications products due to insufficient file permissions, which allows unprivileged users to access unencrypted administrator credentials. This can potentially lead to unauthorized modifications in the application configuration, putting sensitive information at risk. Immediate action is recommended to secure affected systems against unauthorized access.

Affected Version(s)

AXIS License Plate Verifier 2.8.3 or earlier

References

https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712...

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.